Network Security

An overview of network security covering firewalls, IDS/IPS systems, traffic shaping and monitoring, and practical ways to get started learning network security.


  1. Network Based Security. By: UTD CSG
  2. Get in touch with us
     - Mailing List: sign in and check "Add to Mailing List"
     - Website: csg.utdallas.edu
     - Slack: #csg on ecsutd.slack.com
     - Email: utdcsg@gmail.com
  3. Announcements
     - Lab Hangouts: ECSS 4.619, 4 PM Thursday, February 15
     - Pentesting Session: FO 1.202, February 24th, 1-4 PM
     - State Farm CTF Sign-up: March 5th-12th
  4. Network Based Security Overview
     1. Networking Overview: a. Basics; b. Securing your infrastructure
     2. Firewall: a. Services; b. Rules; c. Tools
     3. Monitoring: a. Performance Monitoring; b. Packet Monitoring; c. Intrusion Detection Systems
     4. IDS/IPS Rules: a. Snort; b. Suricata; c. pfSense
     5. Network Security Policies: a. Security culture; b. Mitigating social engineering threats
  5. Networking Overview
  6. Basics
     - LAN
     - Routing packets
     - Routers
     - Switches
     - Ports
     - Firewalls
  7. Basic network diagram (image): http://darron.net/wp-content/uploads/sites/6/2014/03/basic_network_diagram.jpg
  8. Securing Your Infrastructure
     - 802.1X (port-based authentication on Ethernet): secure your switch ports! A device that does not authenticate gets no network access from the port.
     - IPsec: authentication and encryption of traffic across a network.
     - VLAN segmentation, and VLAN hopping with its mitigation:
       - Switch spoofing (an attacker negotiates a trunk from what should be an access port)
       - Double tagging (an attacker stacks two 802.1Q tags so that the far switch forwards the frame into a VLAN the attacker is not in)
     - WiFi authentication technologies (https://www.utdallas.edu/oit/howto/cometnet/):
       - Don't WEP
       - Don't WPS
       - Don't WPA
       - Do WPA2, until WPA3 gets popular, then ditch WPA2.
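The double-tagging attack above, worked through as an added example (this is not code from the UTD CSG slides). The Python below is a hypothetical, deliberately simplified model of two switches joined by an 802.1Q trunk; it implements only the tag-handling rules the attack depends on: an access port accepts a tagged frame whose tag equals its access VLAN, a trunk sends native-VLAN frames untagged, and the receiving trunk classifies untagged frames into the native VLAN. The MAC addresses and VLAN numbers are constructed. It shows the attacker's frame, tagged [1, 20], landing in VLAN 20 when the trunk's native VLAN equals the attacker's access VLAN (1), and staying in VLAN 1 once the native VLAN is moved to an unused ID (999), which is the usual mitigation together with tagging the native VLAN and keeping user ports out of it.

```python
"""Model of 802.1Q double tagging (VLAN hopping) and its mitigation.

Added example, not from the UTD CSG slides. The switch model is a hypothetical
simplification: only the tag handling that matters for the attack is modelled.
"""
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q tag
ETH_P_IPV4 = 0x0800


def build_frame(dst, src, vlan_tags, ethertype=ETH_P_IPV4, payload=b"\x45"):
    """Ethernet frame with zero or more stacked 802.1Q tags, outermost first."""
    frame = dst + src
    for vid in vlan_tags:
        # TPID, then TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits); PCP/DEI left 0
        frame += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def outer_tag(frame):
    """Outermost VLAN ID, or None if the frame is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != ETH_P_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF


def pop_tag(frame):
    return frame[:12] + frame[16:]


def push_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF) + frame[12:]


def access_ingress(frame, access_vlan):
    """Access port: untagged frames belong to access_vlan; a tagged frame is
    accepted only if its outer tag equals access_vlan (the behaviour the attack
    relies on). Returns (vlan, frame) or (None, None) when dropped."""
    vid = outer_tag(frame)
    if vid is None:
        return access_vlan, frame
    if vid != access_vlan:
        return None, None
    return access_vlan, pop_tag(frame)


def trunk_egress(vlan, frame, native_vlan):
    """Trunk port: the native VLAN leaves untagged, every other VLAN gets a tag."""
    return frame if vlan == native_vlan else push_tag(frame, vlan)


def trunk_ingress(frame, native_vlan):
    """Receiving trunk: tagged frames are classified by tag, untagged ones go to native."""
    vid = outer_tag(frame)
    if vid is None:
        return native_vlan, frame
    return vid, pop_tag(frame)


def deliver(frame, access_vlan, native_vlan):
    """Attacker access port -> trunk -> second switch. Returns the VLAN the frame
    ends up in on the second switch, or None if the first switch dropped it."""
    vlan, f = access_ingress(frame, access_vlan)
    if vlan is None:
        return None
    f = trunk_egress(vlan, f, native_vlan)
    landed_vlan, _ = trunk_ingress(f, native_vlan)
    return landed_vlan


# Constructed addresses: attacker on an access port in VLAN 1, victim in VLAN 20.
ATTACKER = bytes.fromhex("0200deadbeef")
VICTIM = bytes.fromhex("020000000020")
double_tagged = build_frame(VICTIM, ATTACKER, [1, 20])

if __name__ == "__main__":
    print("native VLAN 1   ->", deliver(double_tagged, 1, 1))    # 20: hop succeeded
    print("native VLAN 999 ->", deliver(double_tagged, 1, 999))  # 1: confined
```

With the native VLAN equal to the attacker's access VLAN the first switch strips the outer tag and forwards untagged, so the inner tag 20 is the first thing the second switch sees. With the native VLAN moved to 999, the frame leaves the trunk tagged 1 and the second switch keeps it in VLAN 1.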
  9. Firewall
  10. Basics of a firewall
     - A firewall acts as a gate for traffic on a network.
     - Its rules set which traffic can enter and exit the network.
     - Allow traffic through some ports and disallow it on others.
     - Block certain ports and IP addresses from reaching into the network, or from reaching out of it.
  11. Windows Firewall
  12. Windows Firewall (continued)
  13. Linux Firewall: iptables
     # Drop every inbound packet from one source address (rules are appended, so order matters: this one is checked first)
     sudo iptables -A INPUT -s 15.15.15.51 -j DROP
     # Accept inbound HTTPS: new connections, plus packets of connections conntrack already knows about
     sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
     # Accept the server's own replies from port 443, but only for connections that are already established
     sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
     # Reject outbound SMTP; unlike DROP, REJECT sends an error back to the local process
     sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
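The rules on the slide, traced through as an added example (not code from the slides): a Python toy of netfilter's chain evaluation. The evaluator is a hypothetical simplification: rules are checked in order, the first match decides, an unmatched packet gets the chain's policy (assumed DROP here, which the slide does not state), and a flow is recorded in a conntrack table once a packet of it is accepted, so later packets in either direction count as ESTABLISHED. The addresses and ports are constructed. It shows why the blocked host never reaches the port 443 rule, why the OUTPUT rule for port 443 only works because conntrack remembers the inbound connection, and that REJECT and DROP are different verdicts.

```python
"""Toy model of the iptables rules on the slide: ordered chains, first match wins,
conntrack NEW/ESTABLISHED, default policy DROP.

Added example, not from the UTD CSG slides; the evaluator is a hypothetical
simplification of netfilter, not its real code.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


class Firewall:
    def __init__(self, policy="DROP"):
        self.policy = policy
        self.chains = {"INPUT": [], "OUTPUT": []}
        self.conntrack = set()   # 5-tuples of accepted flows

    def append(self, chain, target, **match):
        """Like `iptables -A CHAIN ... -j TARGET`: append (match, target)."""
        self.chains[chain].append((match, target))

    def _state(self, pkt):
        flow = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        return "ESTABLISHED" if flow in self.conntrack or reverse in self.conntrack else "NEW"

    def _matches(self, match, pkt, state):
        checks = {
            "s": lambda v: pkt.src == v,
            "d": lambda v: pkt.dst == v,
            "p": lambda v: pkt.proto == v,
            "sport": lambda v: pkt.sport == v,
            "dport": lambda v: pkt.dport == v,
            "ctstate": lambda v: state in v.split(","),
        }
        return all(checks[key](value) for key, value in match.items())

    def filter(self, chain, pkt):
        """Evaluate one packet against a chain and return the verdict."""
        state = self._state(pkt)
        verdict = self.policy
        for match, target in self.chains[chain]:
            if self._matches(match, pkt, state):
                verdict = target
                break
        if verdict == "ACCEPT":
            # Simplification: a flow becomes known to conntrack once a packet of it is accepted.
            self.conntrack.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return verdict


def slide_firewall():
    """The four rules from the slide, in the order they were appended."""
    fw = Firewall(policy="DROP")
    fw.append("INPUT", "DROP", s="15.15.15.51")
    fw.append("INPUT", "ACCEPT", p="tcp", dport=443, ctstate="NEW,ESTABLISHED")
    fw.append("OUTPUT", "ACCEPT", p="tcp", sport=443, ctstate="ESTABLISHED")
    fw.append("OUTPUT", "REJECT", p="tcp", dport=25)
    return fw


def scenario():
    """Constructed traffic; returns the verdict for each packet in order."""
    fw = slide_firewall()
    return [
        # 1. Client opens HTTPS: the NEW,ESTABLISHED rule accepts it.
        fw.filter("INPUT", Packet("203.0.113.7", "10.0.0.5", "tcp", 51000, 443)),
        # 2. Server reply: accepted only because conntrack now knows the flow.
        fw.filter("OUTPUT", Packet("10.0.0.5", "203.0.113.7", "tcp", 443, 51000)),
        # 3. Blocked host tries HTTPS: the source DROP rule matches first.
        fw.filter("INPUT", Packet("15.15.15.51", "10.0.0.5", "tcp", 40000, 443)),
        # 4. Outbound SMTP: REJECT, so the local mail client gets an error immediately.
        fw.filter("OUTPUT", Packet("10.0.0.5", "198.51.100.9", "tcp", 45000, 25)),
        # 5. Server-initiated traffic from port 443 with no conntrack entry: policy DROP.
        fw.filter("OUTPUT", Packet("10.0.0.5", "198.51.100.9", "tcp", 443, 33000)),
    ]


if __name__ == "__main__":
    for verdict in scenario():
        print(verdict)
```

Packet 5 is the one people forget: the OUTPUT rule only matches ESTABLISHED, so nothing the server starts on its own from port 443 is allowed out, which is the intended least-privilege behaviour.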
  14. Routing Firewalls
  15. Network Monitoring
  16. Performance Monitoring
     Why monitor the performance of a system?
     - Look for unusual CPU usage and unusual bandwidth on the network.
     - Usage during non-work hours may be a sign that someone has broken into the network.
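The off-hours check described above, as an added example (not from the slides): a small detector in Python that builds a per-hour-of-day baseline from bandwidth samples and flags values far above it. The samples are constructed (a week of readings at 09:00 and 03:00 with a planted 03:00 spike on the last day), and the median/MAD baseline and the threshold of 6 are my choices, not anything the slide specifies. The point it shows is that a raw volume threshold would not catch the spike (45 MB/min is unremarkable at 09:00) while a baseline keyed by time of day does.

```python
"""Hour-of-day baseline check over constructed bandwidth samples.

Added example, not from the UTD CSG slides. Data, baseline method (median/MAD)
and threshold are illustrative choices.
"""
from collections import defaultdict
from statistics import median

# Constructed samples: "YYYY-MM-DD HH:MM bytes_out_per_minute". The 03:00 reading on
# 2018-02-18 is the planted anomaly.
SAMPLES = """\
2018-02-12 09:00 812000
2018-02-12 03:00 1500
2018-02-13 09:00 790000
2018-02-13 03:00 1800
2018-02-14 09:00 830000
2018-02-14 03:00 1200
2018-02-15 09:00 805000
2018-02-15 03:00 2100
2018-02-16 09:00 815000
2018-02-16 03:00 1700
2018-02-17 09:00 799000
2018-02-17 03:00 1600
2018-02-18 09:00 821000
2018-02-18 03:00 45000000
"""


def parse_samples(text):
    """Yield (date, hour, bytes) from the sample lines, skipping blanks."""
    for line in text.splitlines():
        if not line.strip():
            continue
        date, hhmm, value = line.split()
        yield date, int(hhmm[:2]), int(value)


def hourly_baseline(records):
    """Per hour of day: (median, median absolute deviation). Robust to a single outlier."""
    by_hour = defaultdict(list)
    for _, hour, value in records:
        by_hour[hour].append(value)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0   # avoid division by zero on flat data
        baseline[hour] = (med, mad)
    return baseline


def find_anomalies(text, threshold=6.0):
    """Return (date, hour, bytes, score) for samples more than `threshold` MADs above
    the median for that hour of day."""
    records = list(parse_samples(text))
    baseline = hourly_baseline(records)
    flagged = []
    for date, hour, value in records:
        med, mad = baseline[hour]
        score = (value - med) / mad
        if score > threshold:
            flagged.append((date, hour, value, round(score, 1)))
    return flagged


if __name__ == "__main__":
    for hit in find_anomalies(SAMPLES):
        print("anomalous:", hit)
```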
  17. Traffic Shaping
  18. Packet Monitoring
  19. Intrusion Detection Systems
     - A system that logs all incoming and outgoing traffic and alerts based on a rule set created by the user.
     - Most IDS products can also run inline (as an IPS) with rule sets that drop or reject traffic when it matches a rule.
  20. IDS and IPS
  21. Snort
     - Open-source tool that monitors one or more interfaces on a router or a specific device against rule sets.
     - Can be installed at the network level (watching a span or tap port) or on an individual user's machine.
     - Can be set to block traffic (inline mode) as well as to alert.
  22. Snort Rule Set
     Basic rule:
     alert tcp any any -> any any (msg:"You've got traffic"; sid:1000001; rev:1;)
     More specific rule:
     alert tcp $EXTERNAL_NET any -> 192.168.3.0/24 80 (msg:"You got port 80 traffic on 192.168.3.0"; classtype:web-application-activity; sid:1000002; rev:1;)
     (Rule keywords are lowercase, each option ends with a semicolon, every rule needs a unique sid (local rules use 1000000 and up), and classtype must name a type defined in classification.config, such as web-application-activity.)
  23. Community Rule for Snort (sid:36612)
     alert tcp $EXTERNAL_NET any -> $HOME_NET any ( msg:"INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate"; flow:to_client,established; content:"|16 03 02|"; content:"|0B|",within 1,distance 2; content:"|30 82|",within 2,distance 9; content:"|30 82|",within 2,distance 2; content:"|A0 03 02 01 02 02|",within 6,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01|",within 22; content:"|31|",within 1,distance 5; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30|",within 10,distance 3; content:"|17 0D|",within 2,distance 1; content:"Z|17 0D|",within 3,distance 12; content:"Z|30|",within 2,distance 12; content:"|31|",within 1,distance 1; content:"|30|",within 1,distance 1; content:"|06 03 55 04 03 0C|",within 6,distance 1; content:"|30 82|",within 9,distance 2; content:"|30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82|",within 17,distance 2; content:"|30 82|",within 2,distance 3; content:"|02 82|",within 2,distance 2; content:"|02 03 01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00|",fast_pattern,nocase; metadata:ruleset community; service:ssl; classtype:misc-activity; reference:url,blog.didierstevens.com; sid:36612; rev:2; )
     (The chain of content checks walks the DER structure of an X.509 certificate inside a TLS Certificate handshake: each `distance` skips a known number of length bytes after the previous match, and each `within` pins where the next tag must appear.)
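How the `content` / `distance` / `within` chain in the community rule actually matches bytes, as an added example serving both the rule-syntax slide and the community rule above (this is not Snort's code or the slides'). The Python below is a minimal, hypothetical matcher that implements only these three keywords with the semantics from the Snort manual: a content with no relative modifier is searched over the whole payload; with `distance N` the search starts N bytes after the end of the previous match; with `within M` the pattern must lie entirely inside the next M bytes from that start. It parses the first five content checks of sid:36612 and runs them over a constructed TLS record whose DER layout is what those offsets expect, and over a constructed non-Certificate handshake that must not match. The real rule additionally requires `flow:to_client,established`, `service:ssl` and the remaining content checks; none of that is modelled here.

```python
"""Minimal model of Snort content/distance/within matching, applied to the first
five content checks of community rule sid:36612.

Added example, not Snort's implementation. The TLS bytes are constructed test
data, not a captured Meterpreter certificate.
"""
import re

# The first five content checks from the slide's rule, in Snort 3 option syntax.
RULE_OPTIONS = (
    'content:"|16 03 02|"; '
    'content:"|0B|",within 1,distance 2; '
    'content:"|30 82|",within 2,distance 9; '
    'content:"|30 82|",within 2,distance 2; '
    'content:"|A0 03 02 01 02 02|",within 6,distance 2;'
)

_CONTENT_RE = re.compile(r'content:"((?:[^"\\]|\\.)*)"((?:,\w+(?: \d+)?)*)')


def parse_contents(options):
    """Return (pattern_bytes, distance, within) for each content option.
    Handles |hex| runs and plain ASCII inside the quotes; other modifiers are ignored."""
    contents = []
    for m in _CONTENT_RE.finditer(options):
        raw, mods = m.group(1), m.group(2)
        pattern = b""
        for piece in re.split(r"(\|[0-9A-Fa-f ]+\|)", raw):
            if piece.startswith("|"):
                pattern += bytes.fromhex(piece.strip("|"))
            else:
                pattern += piece.encode("latin-1")
        distance = within = None
        for mod in filter(None, mods.split(",")):
            name, _, value = mod.strip().partition(" ")
            if name == "distance":
                distance = int(value)
            elif name == "within":
                within = int(value)
        contents.append((pattern, distance, within))
    return contents


def match_contents(payload, contents):
    """True if every content is found, honouring the relative modifiers."""
    cursor = 0   # end of the previous match
    for pattern, distance, within in contents:
        if distance is None and within is None:
            start, end = 0, len(payload)             # absolute search over the whole buffer
        else:
            start = cursor + (distance or 0)          # relative to the previous match
            end = len(payload) if within is None else start + within
        idx = payload.find(pattern, start, end)       # pattern must fit inside [start, end)
        if idx < 0:
            return False
        cursor = idx + len(pattern)
    return True


def rule_matches(payload):
    return match_contents(payload, parse_contents(RULE_OPTIONS))


def tls_certificate_record(serial=b"\x01\x02"):
    """Constructed TLS record (version bytes 03 02) carrying a Certificate handshake
    whose first certificate starts with the DER prefix the rule expects. The 2-byte
    DER lengths are made-up placeholders; only the tag bytes matter to the rule."""
    tbs = (b"\x30\x82\x01\x00"                     # tbsCertificate SEQUENCE, 2-byte length
           + b"\xA0\x03\x02\x01\x02"               # [0] EXPLICIT version INTEGER 2 (v3)
           + b"\x02" + bytes([len(serial)]) + serial)  # serialNumber INTEGER
    cert = b"\x30\x82\x01\x10" + tbs               # Certificate SEQUENCE, 2-byte length
    body = (len(cert) + 3).to_bytes(3, "big") + len(cert).to_bytes(3, "big") + cert
    handshake = b"\x0B" + len(body).to_bytes(3, "big") + body   # 0x0B = Certificate
    return b"\x16\x03\x02" + len(handshake).to_bytes(2, "big") + handshake


# Constructed ClientHello (handshake type 0x01) in the same record version: must not match.
CLIENT_HELLO = b"\x16\x03\x02" + (4).to_bytes(2, "big") + b"\x01\x00\x00\x00"

if __name__ == "__main__":
    print("certificate record:", rule_matches(tls_certificate_record()))  # True
    print("client hello:      ", rule_matches(CLIENT_HELLO))              # False
```

Reading the offsets against the constructed record makes the rule legible: after `|0B|` the rule skips 9 bytes (3-byte handshake length, 3-byte certificate-list length, 3-byte first-certificate length) to land on the outer `30 82` SEQUENCE, skips its 2 length bytes to the tbsCertificate `30 82`, and skips 2 more to the version field. A payload that is off by a single length byte fails, which is also why such byte-exact signatures are brittle against any change in the certificate the tool generates.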
  24. Suricata
     - Similar to Snort, but multi-threaded, so one instance can use several cores on larger networks.
     - Easier to scale.
  25. Suricata rule format: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
  26. Network Security Policies
  27. A Word On Culture
     - We're not going to bore you with the gritty details of developing comprehensive network security policies.
     - The Story of Olga from Accounting
     - Social Engineering Threats
  28. Mitigating Social Engineering Threats
     - Fix the IT security culture.
     - No more "stupid users."
     - Make users a part of your security team: turn a weakness into a resource.
     https://www.youtube.com/watch?v=JsVtHqICeKE
